Hi,

It looks like CRYPTO_set_mem_functions() of OpenSSL 1.0.1e does not work in FIPS 2.0.5: CRYPTO_set_mem_functions() indirectly calls CRYPTO_malloc(), which sets "allow_customize = 0;", and so CRYPTO_set_mem_functions() does nothing (it just returns 0, instead of 1).

Gdb trace with a modified _ssl module:

#0 0x0000003803463100 in CRYPTO_malloc () from /lib64/libcrypto.so.10
#1 0x0000003803542fae in FIPS_drbg_new () from /lib64/libcrypto.so.10
#2 0x00000038035448e1 in FIPS_drbg_health_check () from /lib64/libcrypto.so.10
#3 0x0000003803542e88 in FIPS_drbg_init () from /lib64/libcrypto.so.10
#4 0x00000038034cf9d1 in RAND_init_fips () from /lib64/libcrypto.so.10
#5 0x0000003803465764 in OPENSSL_init_library () from /lib64/libcrypto.so.10
#6 0x0000003803462c61 in CRYPTO_set_mem_functions () from /lib64/libcrypto.so.10
#7 0x00007ffff135bc6c in PyInit__ssl () at /home/haypo/prog/python/default/Modules/_ssl.c:3180

My question - is this behavior expected or not?

Thanks a lot,
Qun

From: [email protected]
Sent: Saturday, October 05, 2013 10:30 PM
To: '[email protected]'
Subject: The behavior of CRYPTO_set_mem_functions() in FIPS mode

Hi,

It looks like CRYPTO_set_mem_functions() of OpenSSL 1.0.1e-4.fc18 does not work: CRYPTO_set_mem_functions() indirectly calls CRYPTO_malloc(), which sets "allow_customize = 0;", and so CRYPTO_set_mem_functions() does nothing (it just returns 0, instead of 1).

Gdb trace with a modified _ssl module:

#0 0x0000003803463100 in CRYPTO_malloc () from /lib64/libcrypto.so.10
#1 0x0000003803542fae in FIPS_drbg_new () from /lib64/libcrypto.so.10
#2 0x00000038035448e1 in FIPS_drbg_health_check () from /lib64/libcrypto.so.10
#3 0x0000003803542e88 in FIPS_drbg_init () from /lib64/libcrypto.so.10
#4 0x00000038034cf9d1 in RAND_init_fips () from /lib64/libcrypto.so.10
#5 0x0000003803465764 in OPENSSL_init_library () from /lib64/libcrypto.so.10
#6 0x0000003803462c61 in CRYPTO_set_mem_functions () from /lib64/libcrypto.so.10
#7 0x00007ffff135bc6c in PyInit__ssl () at /home/haypo/prog/python/default/Modules/_ssl.c:3180

My question - is this behavior expected or not?

Thanks a lot,
Qun
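
The call order in the backtrace above, reduced to a small stand-alone model; this is an added illustration, not OpenSSL source and not part of the original message. The `model_` names, the `fips_build` switch and the counting hook are assumptions made for the example; only the `allow_customize` latch and the return values 0 and 1 come from the message.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified model of the latch described in the message (hypothetical names). */
static int allow_customize = 1;   /* cleared by the first allocation */
static int init_done = 0;
static int fips_build = 0;        /* assumption: 1 = init runs a DRBG self-test */
static void *(*malloc_impl)(size_t) = malloc;
static size_t hook_calls = 0;

static void *model_malloc(size_t n) {
    allow_customize = 0;          /* side effect quoted in the message */
    return malloc_impl(n);
}

/* Stands in for OPENSSL_init_library -> RAND_init_fips -> ... -> FIPS_drbg_new */
static void model_init_library(void) {
    if (init_done) return;
    init_done = 1;
    if (fips_build) free(model_malloc(64));   /* health check allocates */
}

static int model_set_mem_functions(void *(*m)(size_t)) {
    model_init_library();         /* init runs before the latch is tested */
    if (!allow_customize) return 0;   /* hook is not installed */
    malloc_impl = m;
    return 1;
}

static void *counting_malloc(size_t n) { hook_calls++; return malloc(n); }

/* Resets the model, tries to install the hook, then allocates once.
 * Returns the setter's result; *seen receives how often the hook ran. */
static int run_case(int fips, size_t *seen) {
    allow_customize = 1; init_done = 0; fips_build = fips;
    malloc_impl = malloc; hook_calls = 0;
    int ok = model_set_mem_functions(counting_malloc);
    free(model_malloc(16));
    *seen = hook_calls;
    return ok;
}

int main(void) {
    size_t plain_seen, fips_seen;
    int plain_ok = run_case(0, &plain_seen), fips_ok = run_case(1, &fips_seen);
    return (plain_ok == 1 && plain_seen == 1 && fips_ok == 0 && fips_seen == 0) ? 0 : 1;
}
```

A caller that relies on custom allocators has to check the return value of the setter, since in the failing case later allocations go through the default allocator without any other signal.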
